* OE-core CVE metrics for master on Sun 15 Aug 2021 04:00:01 AM HST
@ 2021-08-15 14:03 Steve Sakoman
2021-08-16 9:06 ` [yocto-security] " Ross Burton
0 siblings, 1 reply; 2+ messages in thread
From: Steve Sakoman @ 2021-08-15 14:03 UTC (permalink / raw)
To: openembedded-core, yocto-security
Branch: master
New this week: 3 CVEs
CVE-2021-32803: tar https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32803 *
CVE-2021-32804: tar https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32804 *
CVE-2021-3682: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3682 *
Removed this week: 1 CVEs
CVE-2021-35942: glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35942 *
Full list: Found 13 unpatched CVEs
CVE-2019-12067: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 *
CVE-2019-6293: flex:flex-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6293 *
CVE-2020-27748: xdg-utils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27748 *
CVE-2020-35503: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
CVE-2021-20255: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 *
CVE-2021-31879: wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 *
CVE-2021-32803: tar https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32803 *
CVE-2021-32804: tar https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32804 *
CVE-2021-34558: go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34558 *
CVE-2021-3507: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3507 *
CVE-2021-35331: tcl:tcl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35331 *
CVE-2021-3682: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3682 *
CVE-2021-36976: libarchive:libarchive-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36976 *
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [yocto-security] OE-core CVE metrics for master on Sun 15 Aug 2021 04:00:01 AM HST
2021-08-15 14:03 OE-core CVE metrics for master on Sun 15 Aug 2021 04:00:01 AM HST Steve Sakoman
@ 2021-08-16 9:06 ` Ross Burton
0 siblings, 0 replies; 2+ messages in thread
From: Ross Burton @ 2021-08-16 9:06 UTC (permalink / raw)
To: Steve Sakoman; +Cc: OE-core, yocto-security
On Sun, 15 Aug 2021 at 15:03, Steve Sakoman <steve@sakoman.com> wrote:
> New this week: 3 CVEs
> CVE-2021-32803: tar https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32803 *
> CVE-2021-32804: tar https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32804 *
These are both node-tar specific, patch sent (and is good for all
stable branches).
Ross
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-08-16 9:06 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-08-15 14:03 OE-core CVE metrics for master on Sun 15 Aug 2021 04:00:01 AM HST Steve Sakoman
2021-08-16 9:06 ` [yocto-security] " Ross Burton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox